Hackers breach charities' e-mails

So far, none of data has been used for fraud

Hackers obtained access last month to the e-mail addresses and passwords of thousands of donors to 92 charities that use online database software and services from Convio Inc.

Among the charities are CARE and the American Museum of Natural History.

There is no evidence that anyone has used the information to engage in fraud, but several charities have notified donors of the breach and advised them to consider changing passwords if they use the same password for other purposes. Convio, of Austin, Texas, which works primarily with charities, discovered the breach Nov. 1 and told clients about it two days later, spokesman Tad Druart said.

About a week later, the company notified an additional 62 nonprofit groups that similar information about their donors might have been compromised, although there was no evidence that it had been downloaded, Druart said.

He said the problem affected only users of GetActive, a business that was acquired by Convio almost a year ago.

News of the breach was reported as the year-end giving season starts. A growing number of donors use the Internet to make their gifts, and analysts said some charities might have been reluctant to inform them about the breach out of fear that it would affect donations.

"This wasn't the best time for this to happen," said Beth Kanter, a consultant and blogger.

Allan Benamer, who writes the Non-Profit Tech Blog, reported on the problem early in the month. By Nov. 14, Benamer could identify just four organizations that had notified donors, freepress.net, CARE, the Museum of Natural History and Credo Mobile, a for-profit wireless communications business that works to enlist customers' support for causes.